Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

CVE-2014-2326 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2014-2326

CVE-2014-2326

UNKNOWN

Cross-site scripting (XSS) vulnerability in cdef

Published Mar 27, 2014

Modified 1 years ago

Details

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

WEB

http://bugs.cacti.net/view.php?id=2431

ADVISORY

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html

ADVISORY

http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html

ADVISORY

http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html

WEB

http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-A-20140324-001.html

ADVISORY

http://secunia.com/advisories/57647

ADVISORY

http://secunia.com/advisories/59203

WEB

http://svn.cacti.net/viewvc?view=rev&revision=7443

ADVISORY

http://www.debian.org/security/2014/dsa-2970

WEB

http://www.securityfocus.com/archive/1/531588

WEB

http://www.securityfocus.com/bid/66390

WEB

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

ADVISORY

https://security.gentoo.org/glsa/201509-03

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2014-2326

CVSS Analysis

CVSS v2.0

4.3

Exploitability

Access Vector

NetworkAV:N

Access Complexity

MediumAC:M

Authentication

NoneAu:N

Impact

Confidentiality

NoneC:N

Integrity

PartialI:P

Availability

NoneA:N

4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N

Ecosystems

Timeline

PublishedMar 27, 2014

ModifiedAug 6, 2024